DETAILED ACTION

This action is in response to the Arguments filed on September 28, 2005. 
Claims 2, 21, and 28 have been cancelled by the Applicant. 
Claims 1, 19, 26, 27, and 29 have been amended.

Claims 1, 3-20, 22-27, and 29-32 remain pending and are herein considered. 



Response to Arguments 

Applicant's arguments filed September 28, 2005 have been fully considered but 
they are not persuasive. 

The Applicant's first argument concerns Schneier's failure to disclose capturing 
bits from a free-running timer as recited in claims 1 and 19. The Examiner respectfully 
disagrees with the Applicant's contentions and would like to draw the Applicant's 
attention to page 424 wherein Schneier discloses collecting the least significant bits
from any clock register. Using the fact that a computer's clock, or system clock as it
may be referred to, is a free-running timer, it is clear that Schneier does in fact teach
collecting bits from a free-running timer as recited in claims 1 and 19. 

As per Applicant's arguments concerning Utz's failure to teach writing bits to a 
seed pool, the Examiner would like to refer back to page 14 of the Applicant's remarks 
wherein the Applicant states that the "Utz reference discloses storing bits in nonvolatile 
memory that are used as a 'start value'". That start value is then loaded in a serial 
fashion into a shift register (RS/PRNG), the same shift register which is supplied with 16 
bit values once a pushbutton switch is depressed (col. 6 lines 37-61), changing the initial
'start value'. The result is then incorporated into messages sent as a synchronization
code. It is clear that Utz does in fact write bits to a pool containing a starting value 
(seed) to be used later with a pseudo-random number generator. 

In view of the previous arguments, Examiner respectfully disagrees with the
Applicant's argument and maintains the 35 U.S.C. 102(e) rejections as provided in the
previous office action, amending them below to correspond with the Applicant's 
Amendments. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1, 3-7, 12, 19-20, 22-24, and 26 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Bruce Schneier's "Applied Cryptography", hereinafter 
referred to as Schneier. 

Regarding claim 1, Schneier discloses a method of generating a random number 
for a cryptographic security subsystem of a processor-based device, the method 
comprising the acts of (a) detecting occurrences of a first type of triggering event (page 
426 lines 6-14); (b) capturing one or more bits of data from a free-running timer and 
writing the one or more bits of data to a seed pool (or reservoir) upon termination of the first
type of triggering event (pages 424, 426); and (c) repeating acts (a) and (b) until
(enough events have taken place) the seed pool is full (page 428 lines 16-18). 

Regarding claim 3, Schneier further discloses that the first type of triggering 
event has a variable duration (seemingly random events) (page 426 lines 7-8). 

Regarding claims 4-6, Schneier further discloses that the processor-based 
device is coupled to a communication link, and includes the act of receiving a 
communication from the communication link (arrival times of network packets), the link 
comprising a plurality of types (network, multimedia, etc) (page 426 lines 14-27). 

Regarding claim 7, Schneier further discloses (a) detecting occurrences of a 
second type of triggering event (a whole lot of seemingly random events); (e) writing 
one or more bits of data to the seed pool upon termination of the second type of 
triggering event; and (f) repeating act (e) each time the second type of triggering event 
is detected (for example, hashing together the sector number, time of day, and seek 
latency for every disk operation) (page 426 lines 16-17). 

Regarding claim 12, Schneier further discloses that the seed pool comprises a 
state bit indicative of a state of the seed pool, and wherein the method comprises the 
act of examining the state bit to determine whether the seed pool is full (waiting until 
enough external random events have taken place before continuing) (page 428 lines 
16-18). 

Claim 19 is directed towards a device's implementation of the method of claim 1 
and is rejected by similar rationale.

Claim 20 is directed towards a device's implementation of the method of claim 7
and is rejected by similar rationale. 

Claim 22 is directed towards a device's implementation of the method of claim 3 
and is rejected by similar rationale. 

Claim 23 is directed towards a device's implementation of the method of claim 4 
and is rejected by similar rationale. 

Claim 24 is directed towards a device's implementation of the method of claim 5 
and is rejected by similar rationale. 

Claim 26 is directed towards a device's implementation of the method of claim 11
and is rejected by similar rationale. 

Claims 13-18, 25, 27 and 29-32 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Utz et al., US Patent No. 5,680,131, hereinafter referred to as Utz. 

Regarding claim 13, Utz discloses a method of initializing a seed pool for 
generating a random number for a cryptographic security subsystem of a processor- 
based device, the method comprising the acts of (a) writing a plurality of bits of data to a 
seed pool (RS/PRNG), the plurality of bits of data having a signature (start) value (col. 5 
lines 34-42; col. 6 lines 13-28); (b) detecting occurrences of a first type of triggering 
event and (c) writing one or more bits of data to the seed pool upon termination of the 
first type of triggering event, the one or more bits of data altering the signature value of 
the seed pool (col. 6 lines 37-61); and (d) enabling the cryptographic security subsystem 
when more than a predetermined portion of the signature value of the seed pool has
been altered (col. 7 line 61 thru col. 8 line 13; col. 9 line 62 thru col. 10 line 16).

Regarding claims 14 and 15, Utz discloses wherein the first type of triggering 
event comprises either a cycle of power applied to the processor-based device or a 
reboot of the processor-based device (power-on reset circuit) (col. 5 lines 57-67). 

Regarding claim 16, Utz discloses wherein act (c) comprises the act of masking 
(serially combining) the one or more bits of data into the seed pool (col. 6 lines 57-61;
col. 5 line 22). 

Regarding claim 17, Utz discloses wherein act (c) comprises the act of capturing 
the one or more bits of data from a free-running timer (clock signals) (col. 5 lines 59-61).

Regarding claim 18, Utz discloses detecting a second type of triggering event; 
determining if the seed pool is full; and writing one or more bits of data to the seed pool 
upon termination of the second type of triggering event if the seed pool is not full (col. 3
lines 38-40; col. 11 lines 51-55). 

Regarding claim 25, Utz discloses wherein the interface controller 
comprises an RS232 interface controller (col. 7 lines 41-45; col. 10 lines 48-53).

Regarding claim 27, Utz discloses a processor-based device comprising: a host 
processing system, the host processing system comprising a processor and a 
communications management system in communication with the host processing 
system (col. 5 lines 52-67); and a memory system in communication with the host 
processing system and the communications management system, wherein the 
communications management system comprises: a free running timer; an interface 
controller (col. 6 lines 8-12); a non-volatile memory device to store a seed pool
comprising a plurality of data bits (col. 5 lines 34-42); and security logic in 
communication with the interface controller and the non-volatile memory device, the 
security logic configured to establish a secure communication session between the 
processor-based device and an external device in communication with the
processor-based device via the interface controller (col. 4 lines 47-60), and wherein the security
logic is configured to: capture one or more bits of data from the free-running timer and 
write the one or more bits to the seed pool upon termination of a first type of triggering 
event; determine whether the plurality of data bits in the seed pool has at least a portion 
of a signature value; and disable establishment of the secure communication session if 
the plurality of data bits has at least a portion of the signature value (col. 9 line 62 thru 
col. 10 line 16).

Regarding claim 29, Utz discloses a main power supply to supply power to the 
processor-based device, and wherein the first type of triggering event comprises a cycle 
of the power supplied by the main power supply (power-on reset circuit) (col. 5 lines 57- 
67). 

Regarding claims 30-31, Utz discloses wherein the security logic is configured to 
detect a second type of triggering event; determine whether the seed pool is fully 
populated; and write one or more data bits to the seed pool upon termination of the 
second type of triggering event if the seed pool is not fully populated (col. 3 lines 38-40; 
col. 11 lines 51-55) and wherein the second type of triggering event comprises receipt of
a communication from the external device via the interface controller (col. 3 lines 38-40;
col. 11 lines 51-55).

Regarding claim 32, Utz discloses wherein the interface controller comprises a 
network interface controller (col. 7 lines 41-45; col. 10 lines 48-53).

Claim Rejections - 35 USC § 103 

Claims 8-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schneier as applied to claims 1-6 above, and further in view of Alfred J. Menezes, 
Paul C. van Oorschot, and Scott A. Vanstone's "Handbook of Applied 
Cryptography", hereinafter referred to as Menezes. 

Claim 8 refers to the method of claim 7, wherein act (e) comprises masking the 
one or more bits of data into the seed pool upon termination of the second type of 
triggering event. 

Schneier refers only to the method of claim 7 and fails to specifically mention 
masking the bits into the seed pool. 

Menezes describes sampling a number of distinct sources and combining those 
sources using a complex mixing function such as a cryptographic hashing function 
(page 172 lines 34-37). 

It would have been obvious to a person of average skill in the area at the time of 
the invention to include within Schneier the complex mixing function as described in 
Menezes to distill the true random bits from the sampled sequences and guard against
the possibility of a few of the sources failing, or being observed or manipulated by an 
adversary. 

Regarding claim 9, the combined system of Schneier and Menezes further 
discloses that act (e) comprises capturing the one or more bits of data from a free- 
running timer upon termination of the second type of triggering event (Schneier page 
426 lines 37-34). 

Regarding claim 10, the combined system of Schneier and Menezes further 
discloses that the second type of triggering event is different than the first type of 
triggering event (as many good sources of randomness as are available) (Menezes 
page 172 lines 32-34, 37-38). 

Regarding claim 11, the combined system of Schneier and Menezes further
discloses that the second type of triggering event is a cycle of power applied to the 
processor-based device (Schneier page 426 lines 12-13). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571)
272-4241. The examiner can normally be reached on Mon-Fri 8-4:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).





